
SAP-C02 Exam - Question 359


A financial services company has an asset management product that thousands of customers use around the world. The customers provide feedback about the product through surveys. The company is building a new analytical solution that runs on Amazon EMR to analyze the data from these surveys. The following user personas need to access the analytical solution to perform different actions:

• Administrator: Provisions the EMR cluster for the analytics team based on the team’s requirements

• Data engineer: Runs ETL scripts to process, transform, and enrich the datasets

• Data analyst: Runs SQL and Hive queries on the data

A solutions architect must ensure that all the user personas have least privilege access to only the resources that they need. The user personas must be able to launch only applications that are approved and authorized. The solution also must ensure tagging for all resources that the user personas create.

Which solution will meet these requirements?

Correct Answer: C

Using AWS Service Catalog is the most appropriate solution to meet the requirements. AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS, which ensures that only approved applications and configurations are deployed. It supports defining permissions for each user persona, ensuring they have least privilege access. It also enforces resource tagging, which is essential for managing and tracking resources effectively.
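
The following CloudFormation template is an added example, not part of the exam page or its answer key. It shows the three mechanisms the explanation names: an approved product in a portfolio, portfolio access granted to a single persona role, and a TagOption applied to whatever that persona provisions. The account ID, role names, template URL and tag values are placeholders.

```yaml
# Added example: all names, ARNs, the URL and tag values are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Description: Service Catalog portfolio exposing one approved EMR product to the data engineer persona

Resources:
  AnalyticsPortfolio:
    Type: AWS::ServiceCatalog::Portfolio
    Properties:
      DisplayName: survey-analytics
      ProviderName: platform-team

  # The product template is where the approved EMR applications are fixed.
  EmrEtlProduct:
    Type: AWS::ServiceCatalog::CloudFormationProduct
    Properties:
      Name: emr-etl-cluster
      Owner: platform-team
      ProvisioningArtifactParameters:
        - Name: v1
          Info:
            LoadTemplateFromURL: https://example-bucket.s3.amazonaws.com/emr-etl.yaml

  ProductInPortfolio:
    Type: AWS::ServiceCatalog::PortfolioProductAssociation
    Properties:
      PortfolioId: !Ref AnalyticsPortfolio
      ProductId: !Ref EmrEtlProduct

  # Only this persona role can see and launch products in the portfolio.
  DataEngineerAccess:
    Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation
    Properties:
      PortfolioId: !Ref AnalyticsPortfolio
      PrincipalARN: arn:aws:iam::111122223333:role/DataEngineer
      PrincipalType: IAM

  # Provisioning runs under the launch role, not the persona's own permissions.
  LaunchConstraint:
    Type: AWS::ServiceCatalog::LaunchRoleConstraint
    DependsOn: ProductInPortfolio
    Properties:
      PortfolioId: !Ref AnalyticsPortfolio
      ProductId: !Ref EmrEtlProduct
      RoleArn: arn:aws:iam::111122223333:role/SCEmrLaunchRole

  # TagOptions on the portfolio are applied to every provisioned product.
  TeamTag:
    Type: AWS::ServiceCatalog::TagOption
    Properties: { Key: team, Value: survey-analytics, Active: true }

  TeamTagOnPortfolio:
    Type: AWS::ServiceCatalog::TagOptionAssociation
    Properties: { ResourceId: !Ref AnalyticsPortfolio, TagOptionId: !Ref TeamTag }
```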

Discussion

career360guru (Option: C)
Jan 10, 2024

Option C. Option A does not provide control over deployment of resources and configurations.

ayadmawla (Option: A)
Dec 9, 2023

A - IAM Roles define actions; Service Catalogue is about resources (EMR).

ayadmawla
Dec 19, 2023

It seems that I was wrong and C is the approach as per: https://aws.amazon.com/blogs/big-data/build-a-self-service-environment-for-each-line-of-business-using-amazon-emr-and-aws-service-catalog/

awsamar (Option: C)
Dec 14, 2023

Keywords here are: "...only applications that are approved and authorized..." Only C provides this.

heatblur (Option: C)
Nov 25, 2023

C is correct: AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. This is ideal for controlling which Amazon EMR versions and cluster configurations are available to users. Specific cluster configurations and permissions can be set for each user persona, ensuring they have only the access they need. This meets the least privilege principle. The Service Catalog can be configured to allow users to launch only certain applications, ensuring adherence to company policies on approved and authorized software. It also supports resource tagging.

shaaam80 (Option: C)
Nov 29, 2023

From GPT: AWS Service Catalog allows you to control and manage access to resources by defining portfolios and products with specific permissions. Allows you to create portfolios with approved and authorized applications, ensuring that only the specified applications are launched. AWS Service Catalog can enforce tagging on provisioned resources, ensuring that all resources created by the user personas are appropriately tagged.

PouyaK
Dec 2, 2023

Answer A - The answers from Chat GPT are inaccurate and untrustable.

JMAN1 (Option: C)
Jan 9, 2024

C because tagging is ensured by Service Catalogue.

dutchy1988
Dec 4, 2023

It seems that AWS is upselling AWS Service Catalog here with this question. Some key parts in this question: 1. Least privilege access 2. Launch only approved and authorized applications 3. Ensure tagging.

dutchy1988
Dec 4, 2023

Due to point 3, all options with AWS Config rule are out since it only measures if you are compliant, so that means tagging is not ensured upfront. A and D are out! B doesn't fulfill the requirement for tagging and even more, is Kerberos really helpful here?

dutchy1988
Dec 4, 2023

Leaves only C. Quote from https://aws.amazon.com/servicecatalog/: "Create, organize, and govern a curated catalog of AWS resources that can be shared at the permissions level so you can quickly provision approved cloud resources without needing direct access to the underlying AWS services." -> meets only allowed and authorized application launch. AutoTag fulfills the requirement to tag resources with creator -> aws:servicecatalog:provisioningPrincipalArn - The ARN of the provisioning principal (user) who created the provisioned product. This can only be AWS Service Catalog. And please stop seeding GPT answers! Do your own research.

cypkir (Option: C)
Nov 22, 2023

Answer: C

devalenzuela86
Nov 25, 2023

A is correct. AWS: To ensure that all user personas have least privilege access to only the resources they need, can launch only approved and authorized applications, and ensure tagging for all resources that the user personas create, a solutions architect can consider the following steps: 1. IAM roles for each user persona. Attach identity-based policies to define which actions the user who assumes the role can perform. 2. Create an AWS Config rule to check for noncompliant resources. Configure the rule to notify the administrator to remediate the noncompliant resources.

shaaam80
Dec 6, 2023

Please vote your answers rather than just commenting. It skews the vote % for someone who doesn't read all the comments.

vibzr2023
Jan 7, 2024

Selected Answer: C. Option A: While IAM roles and identity-based policies offer user-level control, they lack the functionality for managing EMR deployment options and configurations centrally.

gfhbox0083 (Option: C)
Jul 13, 2024

C, for sure. AWS Service Catalog ensures that all resources created are compliant with the organization's policies, including mandatory tagging.